|

»

Dwr in remote Xul web applications

View: New views

4 Messages — Rating Filter: Alert me

	Dwr in remote Xul web applications by S.Pérès-Labourdette :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message I've just packaged a new release of my portal web app including latest 2.0.5 release of Dwr. It just runs perfectly and very fast with jawr integration. I would like to point out engine.js changes i've done to make dwr working into a Mozilla remote Xul context so maybe someone could include it in future releases, because i think this would be great. The only 'blocking' issue i found is in the dwr.engine._getJSessionId member which i rewrote like that ...... /** @private What is our session id? */ dwr.engine._getJSessionId = function() { if (typeof document.cookie == 'undefined') { // not in a classic html context so guessing xul netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect'); var cookieManager = Components.classes["@mozilla.org/cookiemanager;1"].getService(Components.interfaces.nsICookieManager2); var iter = cookieManager.enumerator; while (iter.hasMoreElements()) { var cookie = iter.getNext(); if (cookie instanceof Components.interfaces.nsICookie) { if (cookie.name == dwr.engine._sessionCookieName) return cookie.value; } } } else { var cookies = document.cookie.split(';'); for (var i = 0; i < cookies.length; i++) { var cookie = cookies[i]; while (cookie.charAt(0) == ' ') cookie = cookie.substring(1, cookie.length); if (cookie.indexOf(dwr.engine._sessionCookieName + "=") == 0) { return cookie.substring(dwr.engine._sessionCookieName.length + 1, cookie.length); } } } return ""; } ......... Regards, S.PERES-LABOURDETTE
	Re: Dwr in remote Xul web applications by Joe Walker-3 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Thanks for the submission. I'm nervous about adding this to engine.js for 2 reasons: - I want to keep it as small as possible - ideally much smaller than it is now. - I'm concerned about the security implications of what you're doing. Is it safe to download remote scripts for execution in a chrome context? Joe. On Thu, Sep 11, 2008 at 11:48 AM, S.Pérès-Labourdette <sperlab@...> wrote: I've just packaged a new release of my portal web app including latest 2.0.5 release of Dwr. It just runs perfectly and very fast with jawr integration. I would like to point out engine.js changes i've done to make dwr working into a Mozilla remote Xul context so maybe someone could include it in future releases, because i think this would be great. The only 'blocking' issue i found is in the dwr.engine._getJSessionId member which i rewrote like that ...... /** @private What is our session id? */ dwr.engine._getJSessionId = function() { if (typeof document.cookie == 'undefined') { // not in a classic html context so guessing xul netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect'); var cookieManager = Components.classes["@mozilla.org/cookiemanager;1"].getService(Components.interfaces.nsICookieManager2); var iter = cookieManager.enumerator; while (iter.hasMoreElements()) { var cookie = iter.getNext(); if (cookie instanceof Components.interfaces.nsICookie) { if (cookie.name == dwr.engine._sessionCookieName) return cookie.value; } } } else { var cookies = document.cookie.split(';'); for (var i = 0; i < cookies.length; i++) { var cookie = cookies[i]; while (cookie.charAt(0) == ' ') cookie = cookie.substring(1, cookie.length); if (cookie.indexOf(dwr.engine._sessionCookieName + "=") == 0) { return cookie.substring(dwr.engine._sessionCookieName.length + 1, cookie.length); } } } return ""; } ......... Regards, S.PERES-LABOURDETTE -- View this message in context: http://www.nabble.com/Dwr-in-remote-Xul-web-applications-tp19432203p19432203.html Sent from the DWR - Dev mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@... For additional commands, e-mail: dev-help@...
	Re: Dwr in remote Xul web applications by S.Pérès-Labourdette :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi. This is the point. I'm doing remote xul, not a chrome-like kind of firefox extension Thanks to mozilla's design there is no need to wonder about your concerns. I'm not an xpcom expert, but when i was first concerned with security when designing my first remote xul app, the first thing i learned is that "chrome" vs "remote xul" is just like god vs evil. Enabling security in remote xul app rely on firefox profile settings you can't tweak remotely such as : - signed.applets.codebase_principal_support - security.xpconnect.plugin.unrestricted ...... Also, most of xpcom components access is just forbidden in a "remote xul" app. As far as i'm concerned, Direct Web "Remoting" is useful for "remote" apps and "remote" xul is definitely not chrome. What is your point ? Joe Walker-3 wrote: Thanks for the submission. I'm nervous about adding this to engine.js for 2 reasons: - I want to keep it as small as possible - ideally much smaller than it is now. - I'm concerned about the security implications of what you're doing. Is it safe to download remote scripts for execution in a chrome context? Joe. On Thu, Sep 11, 2008 at 11:48 AM, S.Pérès-Labourdette <sperlab@gmail.com>wrote: > > I've just packaged a new release of my portal web app including latest > 2.0.5 > release of Dwr. > It just runs perfectly and very fast with jawr integration. > > I would like to point out engine.js changes i've done to make dwr working > into a Mozilla remote Xul context so maybe someone could include it in > future releases, because i think this would be great. > > The only 'blocking' issue i found is in the dwr.engine._getJSessionId > member > which i rewrote like that > > ...... > /** @private What is our session id? */ > dwr.engine._getJSessionId = function() { > if (typeof document.cookie == 'undefined') { // not in a classic > html > context so guessing xul > > netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect'); > var cookieManager = > Components.classes["@mozilla.org/cookiemanager;1 > "].getService(Components.interfaces.nsICookieManager2); > var iter = cookieManager.enumerator; > while (iter.hasMoreElements()) { > var cookie = iter.getNext(); > if (cookie instanceof > Components.interfaces.nsICookie) { > if (cookie.name == > dwr.engine._sessionCookieName) > return cookie.value; > } > } > } > else { > var cookies = document.cookie.split(';'); > for (var i = 0; i < cookies.length; i++) { > var cookie = cookies[i]; > while (cookie.charAt(0) == ' ') > cookie = cookie.substring(1, cookie.length); > if (cookie.indexOf(dwr.engine._sessionCookieName + > "=") == 0) { > return > cookie.substring(dwr.engine._sessionCookieName.length + 1, > cookie.length); > } > } > } > return ""; > } > ......... > > > Regards, > S.PERES-LABOURDETTE > > -- > View this message in context: > http://www.nabble.com/Dwr-in-remote-Xul-web-applications-tp19432203p19432203.html > Sent from the DWR - Dev mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscribe@dwr.dev.java.net > For additional commands, e-mail: dev-help@dwr.dev.java.net > >
	Re: Dwr in remote Xul web applications by Joe Walker-3 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Bizarrely just a couple of days ago I was investigating a Firefox plugin that did come work with cookies - I was enumerating over all the cookies stored by the browser with exactly the same code that you are using. I guess there is more than one nsICookieManager2?? One for Chrome apps that gives you scarey powers and one for remote XUL apps that looks like the Chrome thing but in reality is only as powerful as the browser one. If this is right then my only objection is about code bloat and testing. If you can help me with testing - then I'll add it in. Please could you create a very very very small remote xul app that simply opens a new xul window, with as little decoration as possible, which automatically onload fires of a call to a hypothetical DWR method something like this: function callOnLoad() { // This is a DWR method cal Test.doNothing(function(data) { dump(data); window.close(); // or whatever you have to do }); } Thanks, Joe. On Sun, Sep 14, 2008 at 3:10 PM, S.Pérès-Labourdette <sperlab@...> wrote: Hi. This is the point. I'm doing remote xul, not a chrome-like kind of firefox extension Thanks to mozilla's design there is no need to wonder about your concerns. I'm not an xpcom expert, but when i was first concerned with security when designing my first remote xul app, the first thing i learned is that "chrome" vs "remote xul" is just like god vs evil. Enabling security in remote xul app rely on firefox profile settings you can't tweak remotely such as : - signed.applets.codebase_principal_support - security.xpconnect.plugin.unrestricted ...... Also, most of xpcom components access is just forbidden in a "remote xul" app. As far as i'm concerned, Direct Web "Remoting" is useful for "remote" apps and "remote" xul is definitely not chrome. What is your point ? Joe Walker-3 wrote: > > Thanks for the submission. > I'm nervous about adding this to engine.js for 2 reasons: > - I want to keep it as small as possible - ideally much smaller than it is > now. > - I'm concerned about the security implications of what you're doing. Is > it > safe to download remote scripts for execution in a chrome context? > > Joe. > > On Thu, Sep 11, 2008 at 11:48 AM, S.Pérès-Labourdette > <sperlab@...>wrote: > >> >> I've just packaged a new release of my portal web app including latest >> 2.0.5 >> release of Dwr. >> It just runs perfectly and very fast with jawr integration. >> >> I would like to point out engine.js changes i've done to make dwr working >> into a Mozilla remote Xul context so maybe someone could include it in >> future releases, because i think this would be great. >> >> The only 'blocking' issue i found is in the dwr.engine._getJSessionId >> member >> which i rewrote like that >> >> ...... >> /** @private What is our session id? */ >> dwr.engine._getJSessionId = function() { >> if (typeof document.cookie == 'undefined') { // not in a classic >> html >> context so guessing xul >> >> >> netscape.security.PrivilegeManager.enablePrivilege('UniversalXPConnect'); >> var cookieManager = >> Components.classes["@mozilla.org/cookiemanager;1 >> "].getService(Components.interfaces.nsICookieManager2); >> var iter = cookieManager.enumerator; >> while (iter.hasMoreElements()) { >> var cookie = iter.getNext(); >> if (cookie instanceof >> Components.interfaces.nsICookie) { >> if (cookie.name == >> dwr.engine._sessionCookieName) >> return cookie.value; >> } >> } >> } >> else { >> var cookies = document.cookie.split(';'); >> for (var i = 0; i < cookies.length; i++) { >> var cookie = cookies[i]; >> while (cookie.charAt(0) == ' ') >> cookie = cookie.substring(1, >> cookie.length); >> if (cookie.indexOf(dwr.engine._sessionCookieName + >> "=") == 0) { >> return >> cookie.substring(dwr.engine._sessionCookieName.length + 1, >> cookie.length); >> } >> } >> } >> return ""; >> } >> ......... >> >> >> Regards, >> S.PERES-LABOURDETTE >> >> -- >> View this message in context: >> http://www.nabble.com/Dwr-in-remote-Xul-web-applications-tp19432203p19432203.html >> Sent from the DWR - Dev mailing list archive at Nabble.com. >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscribe@... >> For additional commands, e-mail: dev-help@... >> >> > > -- View this message in context: http://www.nabble.com/Dwr-in-remote-Xul-web-applications-tp19432203p19480676.html Sent from the DWR - Dev mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@... For additional commands, e-mail: dev-help@...